openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...

Path traversal

The SVN revision view lib/vclib/svn/svnrepos.py in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."...

CVE-2012-3357

CVE-2012-3357 affects ViewVC prior to 1.1.15. The Subversion revision view mishandles log messages when a readable path is copied from an unreadable path, enabling remote disclosure of sensitive information. The issue arises in lib/vclib/svn/svn_repos.py due to improper handling of log messages a...

CVE-2012-3357

The SVN revision view lib/vclib/svn/svnrepos.py in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."...